Release Notes - 2024-NOV-14
Added
Risk
The risk import CSV file can now include the likelihood and impact rationale fields. Using the import process you can add or update the values of the likelihood and impact rationale fields.
See Importing risks for more information.
See the Risk Register - Import Suggestion idea in the Ideas portal.
Risk membership can now be updated using bulk actions on the risks grid.
See Editing risks for more information.
See the Bulk add/remove 'members' to Risks idea in the Ideas portal.
Groups
You can now import groups from the Groups tab in Settings > People. By importing a CSV file, you can upload groups or add members to existing groups.
If you include a user that already exists in Hyperproof in the import file, Hyperproof adds them to the group.
If you include a user that doesn't exist in Hyperproof in the import file, Hyperproof adds them to the organization as a contact and also to the group. You can invite a contact to your organization as a full member any time.
See Importing groups for more information.
Labels
The Description field for labels now displays in the grid view, making it easier to locate a specific label.
See the Show label description in grid view idea in the Ideas portal.
Hyperproof Gov
To support the highest levels of security required by FedRAMP, we have added malware scanning support when uploading and downloading proof .
Self-service Reporting
Time series data is now GA. New snapshot tables for the Hyperproof business objects have been added with the "TS_" prefix (TS_CONTROL, TS_RISK, etc.), which enables creating reports that compare values (e.g., health, residual risk, etc.) month over month (or any multiple of month over month, e.g. quarter over quarter).
Improved
Hypersyncs and integrations
New Hypersync for Lacework with 1 proof type: List of Users.
See Lacework proof types and permissions for more information.
See the Hypersync: Lacework idea in the Ideas portal.
New Hypersync for Checkmarx CxOne with 2 proof types: Create Report, List All Projects
See Checkmarx CxOne proof types and permissions for more information.
Updated the Hypersync for AWS with 1 new proof type: List of Users with MFA Devices
Note
This new proof type requires an additional AWS action (ListMFADevices). See Creating a policy and adding an AWS Hypersync user for additional help adding the new action.
Program frameworks
APRA CPS 234 is now available as a program - APRA CPS 234 is an information security regulation issued by the Australian Prudential Regulation Authority. Financial institutions must establish and maintain security measures that protect critical data and IT systems. The regulation mandates proactive risk management, secure outsourcing arrangements, incident response planning, and governance structures to ensure resilience against cyber threats and unauthorized data access. This framework includes controls as restatements of requirements.
Updated—Korea ISMS-P has been updated to the 2024 version and cross-walked. An update map is available for customers using the prior version.
Addressed issues
Fixed an issue where the AWS IAM List of Users with MFA Settings proof type contained different data than that shown on the AWS console. (Case # 00008576)
Fixed an issue importing controls with scope assignments where controls displayed a Healthy status after changing the scope owner. (Case # 00008554)
Fixed an issue where a contact couldn't be assigned as the owner of a control when creating a new control. (Case # 00009003)
Fixed a user interface issue where horizontal scroll bars blocked the bottom of a task on an audit request when the browser zoom level was set to 125%. (Case # 00009078)
Fixed the Creating a requirement assessment window to allow you to resize the requirement ID column. Requirements with long IDs couldn't be fully displayed. (Case # 00009140)
Fixed an issue with user invitations to an organization that uses Single Sign-on (SSO), where Hyperproof generated errors when the users tried to accept the invitations. (Case # 00009126)
Fixed an issue with Jira task integrations where Hyperproof settings for the Jira integration and tasks created by deactivated users couldn't be edited. (Case # 00009138)
Fixed an issue on the Settings > People > Groups window where using the scroll bar to scroll down didn't show all of the groups in the list. (Case # 00009139, 00009249)
Improved performance when logging in to Hyperproof and loading the app. (Case # 00009149)
Fixed an issue on the Controls grid where the same label name was displayed multiple times when hovering over the number of labels for a control. The incorrect display only happened when the same label was added to a control and one or more of its scoped controls. (Case # 00009124)
Fixed an issue exporting data in CSV format from Hyperproof when the data contained a field value that started with a dash or other special character. The special character was changed to a # during the export process, but is now exported successfully. (Case # 00009152)
Fixed an issue where proof with LiveSync toggled on was not automatically updated. (Case # 00009183, 00009250)
Fixed an issue where an unexpected error was generated when trying to view a task on an issue in a Risk Register. (Case # 00009188)
Fixed an issue where a Contact name couldn't be edited in Hyperproof under Settings > People. (Case # 00009189)
Fixed an issue with the Hypersync for JumpCloud where resource not found errors were generated when trying to collect proof using the groups filter. (Case # 00009187)
Fixed an issue where mp4 video files wouldn't play when opened in the Proof Viewer. (Case # 00009204)
Fixed an issue with Single Sign-on where errors were generated when users tried to log in to Hyperproof using SSO: Error: failed to create connection (Conflict). (Case # 00009151)
Fixed an issue where external auditors couldn't see proof on an audit request when the request status was set to Approved. (Case # 00009211)
Fixed an issue exporting audit requests where the Status column was either blank or showed "Not started" depending on the export file type. (Case # 00009216, 00009221)
Fixed an issue where users couldn't access control assessments, and an access denied error was generated if the Scopes feature was turned off at the organization level. (Case # 00009190, 00009217, 00009227)
Fixed an issue uploading proof to controls where an access denied error was generated if the Risk Register feature was turned off at the organization level. (Case # 00009214, 00009225, 00009229)
Fixed an unexpected error generated when trying to sort risks in the grid view by a custom field of type User Picker. (Case # 00009232)
Fixed an issue where updating the due date in a ServiceNow task deleted the due date in the corresponding Hyperproof task during the first sync. (Case # 00009244)
Fixed a permissions issue where inviting a deactivated user to Hyperproof with the Limited Access User role allowed that user to create controls if they formerly had a role with more permissions, such as administrator. (Case # 00009255)
Fixed an issue where the first sync of a ServiceNow task cleared the due date in the corresponding Hyperproof task. (Case # 00009244)
Fixed an issue where a user couldn't import controls from a CSV file and the import window didn't indicate where the error occurred. (Case # 00009201)
Fixed an issue where changing a task assignee in ServiceNow didn't change the assignee in the corresponding Hyperproof task during the first task sync. (Case # 00009244)